Zero-day cyber attacks such as worms and spyware are becoming increasingly widespread and dangerous. Existing signature-based intrusion detection mechanisms are often insufficient for detecting these types of attacks, so anomaly intrusion detection methods have been developed to cope with them. Among the variety of anomaly detection approaches, the Support Vector Machine (SVM) is known to be one of the best machine learning algorithms for classifying abnormal behaviors. The soft-margin SVM is one of the well-known basic SVM methods and uses supervised learning. However, the soft-margin SVM is not appropriate for detecting novel attacks in Internet traffic, since its supervised learning procedure requires pre-acquired learning information: traffic that has already been separated and labeled as normal or attack. Alternatively, we apply the one-class SVM approach, which uses unsupervised learning to detect anomalies and therefore does not require labeled information. However, there is a downside to the one-class SVM: its high false positive rate makes it difficult to use in the real world. In this paper, we propose a new SVM approach, named Enhanced SVM, which combines these two methods in order to provide unsupervised learning together with a low false alarm rate similar to that of a supervised SVM approach. We use the following additional techniques to improve the performance of the proposed approach (referred to as Anomaly Detector using Enhanced SVM). First, we create a profile of normal packets using a Self-Organized Feature Map (SOFM), so that SVM learning can proceed without pre-existing knowledge. Second, we use a packet filtering scheme based on Passive TCP/IP Fingerprinting (PTF) to reject incomplete network traffic that violates either the TCP/IP standard or the packet generation policy of well-known platforms. Third, a feature selection technique using a Genetic Algorithm (GA) is used to extract optimized information from raw Internet packets. Fourth, during data preprocessing we use flows of packets based on temporal relationships, so that the temporal relationships among the inputs are taken into account in SVM learning. Lastly, we demonstrate the effectiveness of the Enhanced SVM approach using the above-mentioned techniques (SOFM, PTF, and GA) on MIT Lincoln Lab datasets and on a live dataset captured from a real network. The experimental results are verified by m-fold cross validation, and the proposed approach is compared with real-world Network Intrusion Detection Systems (NIDS).
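The PTF pre-filtering step described above rejects packets before they ever reach the SVM: segments whose flag combinations are illegal under the TCP standard, and initial SYNs whose TTL, window size and DF bit do not match the generation policy of any known platform. The following is an added illustration of that idea, not code from the paper or its authors. The packet records, the `KNOWN_STACKS` signature table (the names `stack-A`/`stack-B` and their TTL/window values are constructed placeholders, not real OS fingerprints) and the `MAX_HOPS` bound are all assumptions made for the example; a real deployment would use a maintained fingerprint database.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# TCP flag bits (RFC 793 header layout)
TCP_FIN = 0x01
TCP_SYN = 0x02
TCP_RST = 0x04
TCP_PSH = 0x08
TCP_ACK = 0x10
TCP_URG = 0x20
FLAG_MASK = 0x3F


@dataclass(frozen=True)
class TcpPacket:
    """Minimal view of the IP/TCP header fields a passive fingerprinter looks at."""
    src: str
    ttl: int      # TTL as observed on the wire (initial TTL minus hops)
    window: int   # advertised TCP window
    df: bool      # IP "don't fragment" bit
    flags: int    # TCP flag bits


# Constructed, illustrative signatures (assumption: NOT real platform fingerprints).
# Each entry records the initial TTL, the window sizes the stack emits on SYN, and
# whether it sets DF on SYN.
KNOWN_STACKS: Dict[str, Dict] = {
    "stack-A": {"initial_ttl": 64, "windows": {65535, 29200}, "df": True},
    "stack-B": {"initial_ttl": 128, "windows": {8192, 64240}, "df": True},
}
MAX_HOPS = 32  # assumption: a SYN that lost more than this many TTL units is implausible


def flag_violation(flags: int) -> Optional[str]:
    """Return why a flag combination is invalid, or None if it is acceptable.

    The first three cases are illegal under RFC 793; the last is never produced
    by a conforming stack (every FIN carries an ACK), so it violates generation
    policy rather than the standard itself.
    """
    if (flags & FLAG_MASK) == 0:
        return "no flags set"
    if flags & TCP_SYN and flags & TCP_FIN:
        return "SYN and FIN set together"
    if flags & TCP_SYN and flags & TCP_RST:
        return "SYN and RST set together"
    if flags & TCP_FIN and not flags & TCP_ACK:
        return "FIN without ACK"
    return None


def identify_stack(pkt: TcpPacket) -> Optional[str]:
    """Passively match an initial SYN against the known-stack table."""
    for name, sig in KNOWN_STACKS.items():
        hops = sig["initial_ttl"] - pkt.ttl
        if 0 <= hops <= MAX_HOPS and pkt.window in sig["windows"] and pkt.df == sig["df"]:
            return name
    return None


def classify(pkt: TcpPacket) -> Tuple[bool, str]:
    """Decide whether a packet may pass to the anomaly detector, with a reason."""
    reason = flag_violation(pkt.flags)
    if reason is not None:
        return False, reason
    # Fingerprinting is only meaningful on the initial SYN (SYN set, ACK clear).
    if pkt.flags & TCP_SYN and not pkt.flags & TCP_ACK:
        stack = identify_stack(pkt)
        if stack is None:
            return False, "SYN does not match any known stack signature"
        return True, f"SYN from {stack}"
    return True, "ok"


def filter_packets(packets: List[TcpPacket]) -> Tuple[List[TcpPacket], List[Tuple[TcpPacket, str]]]:
    """Split packets into those accepted for SVM input and those rejected with a reason."""
    accepted: List[TcpPacket] = []
    rejected: List[Tuple[TcpPacket, str]] = []
    for pkt in packets:
        ok, reason = classify(pkt)
        (accepted if ok else rejected).append(pkt if ok else (pkt, reason))
    return accepted, rejected


# Constructed sample traffic (addresses and values are made up for the example).
SAMPLE_PACKETS = [
    TcpPacket("10.0.0.5", ttl=61, window=65535, df=True, flags=TCP_SYN),             # plausible stack-A SYN
    TcpPacket("10.0.0.9", ttl=117, window=8192, df=True, flags=TCP_SYN),             # plausible stack-B SYN
    TcpPacket("10.0.0.7", ttl=64, window=1024, df=False, flags=TCP_SYN | TCP_FIN),   # illegal flags
    TcpPacket("10.0.0.7", ttl=64, window=1024, df=False, flags=0),                   # illegal flags
    TcpPacket("10.0.0.8", ttl=255, window=1024, df=False, flags=TCP_SYN),            # matches no known stack
    TcpPacket("10.0.0.5", ttl=61, window=500, df=True, flags=TCP_ACK | TCP_PSH),     # mid-connection data, passes
]

if __name__ == "__main__":
    passed, dropped = filter_packets(SAMPLE_PACKETS)
    print(f"accepted {len(passed)}, rejected {len(dropped)}")
    for pkt, why in dropped:
        print(f"  drop {pkt.src} flags=0x{pkt.flags:02x}: {why}")
```

Only initial SYNs are fingerprinted because later segments of a connection carry windows that scale with the receiver's buffer, so matching them against a SYN signature would itself produce false positives. Packets rejected here never contribute to the SOFM normal-profile or to SVM training, which is the point of running the filter first.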